Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation ID, it is updated.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}?api-version=2019-01-01-preview
URI Parameters
Name | In | Required | Type | Description
automationName | path | True | string | The security automation name.
resourceGroupName | path | True | string | The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: ^[-\w\._\(\)]+$
subscriptionId | path | True | string | Azure subscription ID. Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version | query | True | string | API version for the operation
Request Body
Name | Type | Description
etag | string | Entity tag is used for comparing two or more entities from the same requested resource.
kind | string | Kind of the resource
location | string | Location where the resource is stored
properties.actions | AutomationAction[] | A collection of the actions which are triggered if all the configured rule evaluations, within at least one rule set, are true.
properties.description | string | The security automation description.
properties.isEnabled | boolean | Indicates whether the security automation is enabled.
properties.scopes | AutomationScope[] | A collection of scopes on which the security automation logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation only applies to the defined scopes.
properties.sources | AutomationSource[] | A collection of the source event types which evaluate the security automation set of rules.
tags | object | A list of key/value pairs that describe the resource.
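The trigger condition in the properties.actions description (all rules true within at least one rule set) can be checked locally before an automation is deployed. The following is an added example, not code from this page or from Microsoft: a small model of that logic, using the rule shape from this page's high-severity sample request. The function names, the constructed events, the second rule set and the exact, case-sensitive comparison are assumptions.

```javascript
// Added example: a local model of the trigger semantics, not the service's code.

// Resolve a dotted propertyJPath such as "properties.metadata.severity".
// Assumption: only plain dotted paths are modelled.
function resolvePath(event, jpath) {
  return jpath.split(".").reduce(
    (node, key) => (node !== null && typeof node === "object" ? node[key] : undefined),
    event
  );
}

// Only the String/Equals combination shown on this page is modelled. Anything
// else throws, so an unmodelled rule is never silently treated as a match.
// Exact, case-sensitive comparison is an assumption of this model.
function ruleMatches(rule, event) {
  if (rule.propertyType !== "String" || rule.operator !== "Equals") {
    throw new Error(`unmodelled rule: ${rule.propertyType}/${rule.operator}`);
  }
  const actual = resolvePath(event, rule.propertyJPath);
  return typeof actual === "string" && actual === rule.expectedValue;
}

// Every rule inside one rule set must hold (AND).
function ruleSetMatches(ruleSet, event) {
  return (ruleSet.rules || []).every((rule) => ruleMatches(rule, event));
}

// A source with no rule sets fires on every event of its type, as in the
// "all assessments" sample; otherwise one matching rule set is enough (OR).
function sourceMatches(source, eventSource, event) {
  if (source.eventSource !== eventSource) return false;
  const ruleSets = source.ruleSets || [];
  return ruleSets.length === 0 || ruleSets.some((rs) => ruleSetMatches(rs, event));
}

// True when the automation's actions would be triggered for this event.
function automationTriggers(properties, eventSource, event) {
  if (!properties.isEnabled) return false;
  return (properties.sources || []).some((s) => sourceMatches(s, eventSource, event));
}

// Builds the severity rule used in this page's high-severity sample request.
const severityIs = (value) => ({
  propertyJPath: "properties.metadata.severity",
  propertyType: "String",
  expectedValue: value,
  operator: "Equals",
});

// First rule set: the rule from the high-severity sample request.
// Second rule set: constructed, to show AND within a set and OR between sets.
const highOrUnhealthyMedium = {
  isEnabled: true,
  sources: [
    {
      eventSource: "Assessments",
      ruleSets: [
        { rules: [severityIs("High")] },
        {
          rules: [
            severityIs("Medium"),
            {
              propertyJPath: "properties.status.code",
              propertyType: "String",
              expectedValue: "Unhealthy",
              operator: "Equals",
            },
          ],
        },
      ],
    },
  ],
};

// Shape of the "all assessments" sample: a source without rule sets.
const allAssessments = { isEnabled: true, sources: [{ eventSource: "Assessments" }] };

// Constructed assessment events holding only the fields the rules read.
function assessment(severity, statusCode) {
  return { properties: { metadata: { severity }, status: { code: statusCode } } };
}

function demo() {
  const fires = (props, ev) => automationTriggers(props, "Assessments", ev);
  return {
    highHealthy: fires(highOrUnhealthyMedium, assessment("High", "Healthy")),
    mediumUnhealthy: fires(highOrUnhealthyMedium, assessment("Medium", "Unhealthy")),
    mediumHealthy: fires(highOrUnhealthyMedium, assessment("Medium", "Healthy")),
    lowWithoutRuleSets: fires(allAssessments, assessment("Low", "Healthy")),
  };
}

console.log(demo());
```

Running the same events through a proposed rule set before the PUT shows which findings would never reach the action.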
Responses
Name | Type | Description
200 OK | Automation | OK
201 Created | Automation | Created
Other Status Codes | CloudError | Error response describing why the operation failed
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description
user_impersonation | impersonate your user account
Examples
Create or update a security automation for all assessments (including all severities)
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
  "location": "Central US",
  "etag": "etag value (must be supplied for update)",
  "tags": {},
  "properties": {
    "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
    "isEnabled": true,
    "scopes": [
      {
        "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
        "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
      }
    ],
    "sources": [
      {
        "eventSource": "Assessments"
      }
    ],
    "actions": [
      {
        "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
        "actionType": "LogicApp",
        "uri": "https://exampleTriggerUri1.com"
      }
    ]
  }
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.EventSource;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
*/
/**
* Sample code: Create or update a security automation for all assessments (including all severities).
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities(
com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security"
+ " assessment")
.withIsEnabled(true)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(Arrays.asList(new AutomationSource().withEventSource(EventSource.ASSESSMENTS)))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
func ExampleAutomationsClient_CreateOrUpdate_createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(true),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(true),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// },
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
*/
async function createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: true,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [{ eventSource: "Assessments" }],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
// this example is just showing the usage of "Automations_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SecurityAutomationResource created on azure
// for more information of creating SecurityAutomationResource, please refer to the document of SecurityAutomationResource
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
IsEnabled = true,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": []
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": []
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
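An automation decides where security events are delivered, so the request is worth checking before it is sent. The following pre-flight lint is an added example, not code from this page or from Microsoft: it applies the regex patterns from the URI Parameters table and the supported-scope rule from the Request Body table, and flags Logic App actions outside an allowlist of subscriptions. The function names, finding codes and the `trustedActionSubscriptions` allowlist are assumptions.

```javascript
// Added example: pre-flight lint for an automation PUT request, not Microsoft's code.
// Both patterns are the "Regex pattern" values from the URI Parameters table.
const SUBSCRIPTION_ID_RE = /^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$/;
const RESOURCE_GROUP_RE = /^[-\w\._\(\)]+$/;
const ARM_ID_RE = /^\/subscriptions\/([^/]+)(?:\/resourceGroups\/([^/]+)(\/.*)?)?$/i;
const WORKFLOW_SUFFIX_RE = /^\/providers\/Microsoft\.Logic\/workflows\/[^/]+$/i;

// Split a resource id into subscription, optional resource group and the rest.
function parseArmId(id) {
  const m = ARM_ID_RE.exec(typeof id === "string" ? id : "");
  if (!m || !SUBSCRIPTION_ID_RE.test(m[1])) return null;
  if (m[2] !== undefined && !RESOURCE_GROUP_RE.test(m[2])) return null;
  return { subscriptionId: m[1].toLowerCase(), resourceGroup: m[2], rest: m[3] || "" };
}

function isHttps(uri) {
  try {
    return new URL(uri).protocol === "https:";
  } catch (err) {
    return false; // not a parseable absolute URL
  }
}

// Returns a list of { path, code } findings; an empty list means nothing was flagged.
// trustedActionSubscriptions is a hypothetical allowlist of other subscriptions
// that are allowed to host the Logic App receiving the security events.
function lintAutomationRequest(subscriptionId, resourceGroupName, body, trustedActionSubscriptions = []) {
  const findings = [];
  const flag = (path, code) => findings.push({ path, code });
  const sub = String(subscriptionId).toLowerCase();
  const trusted = new Set([sub, ...trustedActionSubscriptions.map((s) => s.toLowerCase())]);
  const props = body.properties || {};

  if (!SUBSCRIPTION_ID_RE.test(subscriptionId)) flag("subscriptionId", "BAD_FORMAT");
  if (!RESOURCE_GROUP_RE.test(resourceGroupName)) flag("resourceGroupName", "BAD_FORMAT");

  // Scopes must be the subscription itself or a resource group under it.
  const scopes = props.scopes || [];
  if (scopes.length === 0) flag("properties.scopes", "NO_SCOPE");
  scopes.forEach((scope, i) => {
    const id = parseArmId(scope.scopePath);
    if (!id || id.rest !== "" || id.subscriptionId !== sub) {
      flag(`properties.scopes[${i}].scopePath`, "SCOPE_NOT_SUPPORTED");
    }
  });

  // Actions decide where security events are sent, so check the destination.
  (props.actions || []).forEach((action, i) => {
    const path = `properties.actions[${i}]`;
    if (action.actionType !== "LogicApp") {
      flag(path, "ACTION_TYPE_NOT_COVERED");
      return;
    }
    const id = parseArmId(action.logicAppResourceId);
    if (!id || !WORKFLOW_SUFFIX_RE.test(id.rest)) flag(path, "NOT_A_WORKFLOW_ID");
    else if (!trusted.has(id.subscriptionId)) flag(path, "ACTION_UNTRUSTED_SUBSCRIPTION");
    if (!isHttps(action.uri)) flag(path, "ACTION_URI_NOT_HTTPS");
  });
  return findings;
}

// Request from this page's first sample, reduced to the fields the lint reads.
const SUB = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const pageSample = {
  properties: {
    scopes: [{ scopePath: `/subscriptions/${SUB}/resourceGroups/myResourceGroup` }],
    actions: [
      {
        actionType: "LogicApp",
        logicAppResourceId:
          "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
        uri: "https://exampleTriggerUri1.com",
      },
    ],
  },
};

const codes = (findings) => findings.map((f) => f.code);

// The sample's Logic App lives in a different subscription than the automation,
// so it is flagged until that subscription is added to the allowlist.
console.log(codes(lintAutomationRequest(SUB, "exampleResourceGroup", pageSample)));
```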
Create or update a security automation for all high severity assessments
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
  "location": "Central US",
  "etag": "etag value (must be supplied for update)",
  "tags": {},
  "properties": {
    "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
    "isEnabled": true,
    "scopes": [
      {
        "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
        "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
      }
    ],
    "sources": [
      {
        "eventSource": "Assessments",
        "ruleSets": [
          {
            "rules": [
              {
                "propertyJPath": "properties.metadata.severity",
                "propertyType": "String",
                "expectedValue": "High",
                "operator": "Equals"
              }
            ]
          }
        ]
      }
    ],
    "actions": [
      {
        "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
        "actionType": "LogicApp",
        "uri": "https://exampleTriggerUri1.com"
      }
    ]
  }
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationRuleSet;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.AutomationTriggeringRule;
import com.azure.resourcemanager.security.models.EventSource;
import com.azure.resourcemanager.security.models.Operator;
import com.azure.resourcemanager.security.models.PropertyType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
*/
/**
* Sample code: Create or update a security automation for all high severity assessments.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateASecurityAutomationForAllHighSeverityAssessments(
com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity"
+ " security assessment")
.withIsEnabled(true)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(
Arrays
.asList(
new AutomationSource()
.withEventSource(EventSource.ASSESSMENTS)
.withRuleSets(
Arrays
.asList(
new AutomationRuleSet()
.withRules(
Arrays
.asList(
new AutomationTriggeringRule()
.withPropertyJPath("properties.metadata.severity")
.withPropertyType(PropertyType.STRING)
.withExpectedValue("High")
.withOperator(Operator.EQUALS)))))))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
func ExampleAutomationsClient_CreateOrUpdate_createOrUpdateASecurityAutomationForAllHighSeverityAssessments() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(true),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
RuleSets: []*armsecurity.AutomationRuleSet{
{
Rules: []*armsecurity.AutomationTriggeringRule{
{
ExpectedValue: to.Ptr("High"),
Operator: to.Ptr(armsecurity.OperatorEquals),
PropertyJPath: to.Ptr("properties.metadata.severity"),
PropertyType: to.Ptr(armsecurity.PropertyTypeString),
}},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(true),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// {
// Rules: []*armsecurity.AutomationTriggeringRule{
// {
// ExpectedValue: to.Ptr("High"),
// Operator: to.Ptr(armsecurity.OperatorEquals),
// PropertyJPath: to.Ptr("properties.metadata.severity"),
// PropertyType: to.Ptr(armsecurity.PropertyTypeString),
// }},
// }},
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
*/
async function createOrUpdateASecurityAutomationForAllHighSeverityAssessments() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: true,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [
{
eventSource: "Assessments",
ruleSets: [
{
rules: [
{
expectedValue: "High",
operator: "Equals",
propertyJPath: "properties.metadata.severity",
propertyType: "String",
},
],
},
],
},
],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
// this example is just showing the usage of "Automations_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SecurityAutomationResource created on azure
// for more information of creating SecurityAutomationResource, please refer to the document of SecurityAutomationResource
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
IsEnabled = true,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
RuleSets =
{
new SecurityAutomationRuleSet()
{
Rules =
{
new SecurityAutomationTriggeringRule()
{
PropertyJPath = "properties.metadata.severity",
PropertyType = AutomationTriggeringRulePropertyType.String,
ExpectedValue = "High",
Operator = AutomationTriggeringRuleOperator.EqualsValue,
}
},
}
},
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "properties.metadata.severity",
"propertyType": "String",
"expectedValue": "High",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "properties.metadata.severity",
"propertyType": "String",
"expectedValue": "High",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
Disable or enable a security automation
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
"location": "Central US",
"etag": "etag value (must be supplied for update)",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp",
"uri": "https://exampleTriggerUri1.com"
}
]
}
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationRuleSet;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.AutomationTriggeringRule;
import com.azure.resourcemanager.security.models.EventSource;
import com.azure.resourcemanager.security.models.Operator;
import com.azure.resourcemanager.security.models.PropertyType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
*/
/**
* Sample code: Disable or enable a security automation.
*
* @param manager Entry point to SecurityManager.
*/
public static void disableOrEnableASecurityAutomation(com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security"
+ " assessment of type customAssessment")
.withIsEnabled(false)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(
Arrays
.asList(
new AutomationSource()
.withEventSource(EventSource.ASSESSMENTS)
.withRuleSets(
Arrays
.asList(
new AutomationRuleSet()
.withRules(
Arrays
.asList(
new AutomationTriggeringRule()
.withPropertyJPath("$.Entity.AssessmentType")
.withPropertyType(PropertyType.STRING)
.withExpectedValue("customAssessment")
.withOperator(Operator.EQUALS)))))))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
func ExampleAutomationsClient_CreateOrUpdate_disableOrEnableASecurityAutomation() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(false),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
RuleSets: []*armsecurity.AutomationRuleSet{
{
Rules: []*armsecurity.AutomationTriggeringRule{
{
ExpectedValue: to.Ptr("customAssessment"),
Operator: to.Ptr(armsecurity.OperatorEquals),
PropertyJPath: to.Ptr("$.Entity.AssessmentType"),
PropertyType: to.Ptr(armsecurity.PropertyTypeString),
}},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(false),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// {
// Rules: []*armsecurity.AutomationTriggeringRule{
// {
// ExpectedValue: to.Ptr("customAssessment"),
// Operator: to.Ptr(armsecurity.OperatorEquals),
// PropertyJPath: to.Ptr("$.Entity.AssessmentType"),
// PropertyType: to.Ptr(armsecurity.PropertyTypeString),
// }},
// }},
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
*/
async function disableOrEnableASecurityAutomation() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: false,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [
{
eventSource: "Assessments",
ruleSets: [
{
rules: [
{
expectedValue: "customAssessment",
operator: "Equals",
propertyJPath: "$.Entity.AssessmentType",
propertyType: "String",
},
],
},
],
},
],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
// this example is just showing the usage of "Automations_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SecurityAutomationResource created on azure
// for more information of creating SecurityAutomationResource, please refer to the document of SecurityAutomationResource
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
IsEnabled = false,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
RuleSets =
{
new SecurityAutomationRuleSet()
{
Rules =
{
new SecurityAutomationTriggeringRule()
{
PropertyJPath = "$.Entity.AssessmentType",
PropertyType = AutomationTriggeringRulePropertyType.String,
ExpectedValue = "customAssessment",
Operator = AutomationTriggeringRuleOperator.EqualsValue,
}
},
}
},
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}

Definitions

| Name | Description |
|---|---|
| Automation | The security automation resource. |
| AutomationActionEventHub | The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore |
| AutomationActionLogicApp | The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud workflow automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore |
| AutomationActionWorkspace | The Log Analytics workspace to which event data will be exported. Security alerts data resides in the "SecurityAlert" table and assessments data resides in the "SecurityRecommendation" table (under the "Security" / "SecurityCenterFree" solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution must be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore |
| AutomationRuleSet | A rule set that evaluates all of its rules upon an event interception. Only when all the rules included in the rule set evaluate to "true" does the event trigger the defined actions. |
| AutomationScope | A single automation scope. |
| AutomationSource | The source event types that evaluate the security automation set of rules. For example, security alerts and security assessments. To learn more about the supported security event data model schemas, visit https://aka.ms/ASCAutomationSchemas. |
| AutomationTriggeringRule | A rule that is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. The comparison uses one of the supported operators. |
| CloudError | Common error response for all Azure Resource Manager APIs, returning error details for failed operations. (This also follows the OData error response format.) |
| CloudErrorBody | The error detail. |
| ErrorAdditionalInfo | The resource management error additional info. |
| EventSource | A valid event source type. |
| Operator | A valid comparer operator to use. A case-insensitive comparison is applied for the String PropertyType. |
| PropertyType | The data type of the compared operands (string, integer, floating point number or boolean [true/false]) |

Automation
The security automation resource.

| Name | Type | Description |
|---|---|---|
| etag | string | The entity tag is used for comparing two or more entities from the same requested resource. |
| id | string | Resource ID |
| kind | string | Kind of the resource |
| location | string | Location where the resource is stored |
| name | string | Resource name |
| properties.actions | AutomationAction[]: | A collection of the actions that are triggered if all the configured rule evaluations, within at least one rule set, are true. |
| properties.description | string | The security automation description. |
| properties.isEnabled | boolean | Indicates whether the security automation is enabled. |
| properties.scopes | AutomationScope[] | A collection of scopes on which the security automation logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation applies only to the defined scopes. |
| properties.sources | AutomationSource[] | A collection of the source event types that evaluate the security automation set of rules. |
| tags | object | A list of key/value pairs that describe the resource. |
| type | string | Resource type |

AutomationActionEventHub
The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore

| Name | Type | Description |
|---|---|---|
| actionType | string: EventHub | The type of the action that will be triggered by the automation |
| connectionString | string | The target Event Hub connection string (it will not be included in any response). |
| eventHubResourceId | string | The target Event Hub Azure resource ID. |
| sasPolicyName | string | The target Event Hub SAS policy name. |

AutomationActionLogicApp
The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud workflow automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore

| Name | Type | Description |
|---|---|---|
| actionType | string: LogicApp | The type of the action that will be triggered by the automation |
| logicAppResourceId | string | The Azure resource ID of the triggered logic app. It can also reside in another subscription, provided that you have the permissions needed to trigger the logic app |
| uri | string | The logic app trigger URI endpoint (it will not be included in any response). |

AutomationActionWorkspace
The Log Analytics workspace to which event data will be exported. Security alerts data resides in the "SecurityAlert" table and assessments data resides in the "SecurityRecommendation" table (under the "Security" / "SecurityCenterFree" solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution must be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore

| Name | Type | Description |
|---|---|---|
| actionType | string: Workspace | The type of the action that will be triggered by the automation |
| workspaceResourceId | string | The fully qualified Azure resource ID of the Log Analytics workspace. |

AutomationRuleSet
A rule set that evaluates all of its rules upon an event interception. Only when all the rules included in the rule set evaluate to "true" does the event trigger the defined actions.

| Name | Type | Description |
|---|---|---|
| rules | AutomationTriggeringRule[] | A rule that is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. The comparison uses one of the supported operators. |

AutomationScope
A single automation scope.

| Name | Type | Description |
|---|---|---|
| description | string | The resources scope description. |
| scopePath | string | The resources scope path. It can be the subscription on which the automation is defined or a resource group under that subscription (fully qualified Azure resource IDs). |

AutomationSource
The source event types that evaluate the security automation set of rules. For example, security alerts and security assessments. To learn more about the supported security event data model schemas, visit https://aka.ms/ASCAutomationSchemas.

| Name | Type | Description |
|---|---|---|
| eventSource | EventSource | A valid event source type. |
| ruleSets | AutomationRuleSet[] | A set of rules that are evaluated upon event interception. A logical disjunction is applied between the defined rule sets (logical 'or'). |

AutomationTriggeringRule
A rule that is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. The comparison uses one of the supported operators.

| Name | Type | Description |
|---|---|---|
| expectedValue | string | The expected value. |
| operator | Operator | A valid comparer operator to use. A case-insensitive comparison is applied for the String PropertyType. |
| propertyJPath | string | The JPath of the entity model property that should be checked. |
| propertyType | PropertyType | The data type of the compared operands (string, integer, floating point number or boolean [true/false]) |

CloudError
Common error response for all Azure Resource Manager APIs, returning error details for failed operations. (This also follows the OData error response format.)

| Name | Type | Description |
|---|---|---|
| error.additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| error.code | string | The error code. |
| error.details | CloudErrorBody[] | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |

CloudErrorBody
The error detail.

| Name | Type | Description |
|---|---|---|
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | CloudErrorBody[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |

ErrorAdditionalInfo
The resource management error additional info.

| Name | Type | Description |
|---|---|---|
| info | object | The additional info. |
| type | string | The additional info type. |

EventSource
A valid event source type.

| Name | Type | Description |
|---|---|---|
| Alerts | string | |
| Assessments | string | |
| AssessmentsSnapshot | string | |
| RegulatoryComplianceAssessment | string | |
| RegulatoryComplianceAssessmentSnapshot | string | |
| SecureScoreControls | string | |
| SecureScoreControlsSnapshot | string | |
| SecureScores | string | |
| SecureScoresSnapshot | string | |
| SubAssessments | string | |
| SubAssessmentsSnapshot | string | |

Operator
A valid comparer operator to use. A case-insensitive comparison is applied for the String PropertyType.

| Name | Type | Description |
|---|---|---|
| Contains | string | Applies only to non-decimal operands |
| EndsWith | string | Applies only to non-decimal operands |
| Equals | string | Applies to decimal and non-decimal operands |
| GreaterThan | string | Applies only to decimal operands |
| GreaterThanOrEqualTo | string | Applies only to decimal operands |
| LesserThan | string | Applies only to decimal operands |
| LesserThanOrEqualTo | string | Applies only to decimal operands |
| NotEquals | string | Applies to decimal and non-decimal operands |
| StartsWith | string | Applies only to non-decimal operands |

PropertyType
The data type of the compared operands (string, integer, floating point number or boolean [true/false])

| Name | Type | Description |
|---|---|---|
| Boolean | string | |
| Integer | string | |
| Number | string | |
| String | string | |
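
The rule semantics defined above (all rules in a rule set must be true, rule sets are combined with a logical 'or', operators are restricted by operand type, and String comparisons are case-insensitive) can be checked locally before a request body is sent. The following is an added example, not code from this page or from Microsoft; the dotted-path JPath resolution, the reading of "decimal" as Integer or Number, the handling of missing properties and empty rule sets, and the sample event are assumptions.

```javascript
// Added example (not Microsoft's code): a local model of the rule semantics above.
// Assumptions: propertyJPath is a dotted path with an optional leading "$.";
// "decimal" means PropertyType Integer or Number; a missing property never matches.
const PROPERTY_TYPES = ["String", "Integer", "Number", "Boolean"];
const DECIMAL_TYPES = new Set(["Integer", "Number"]);
const DECIMAL_ONLY = new Set(["GreaterThan", "GreaterThanOrEqualTo", "LesserThan", "LesserThanOrEqualTo"]);
const NON_DECIMAL_ONLY = new Set(["Contains", "StartsWith", "EndsWith"]);
const ANY_OPERAND = new Set(["Equals", "NotEquals"]);

// Returns a list of problems; an empty list means the rule is well-formed.
function validateRule(rule) {
  if (!PROPERTY_TYPES.includes(rule.propertyType)) return [`unknown propertyType "${rule.propertyType}"`];
  const problems = [];
  const decimal = DECIMAL_TYPES.has(rule.propertyType);
  if (DECIMAL_ONLY.has(rule.operator)) {
    if (!decimal) problems.push(`${rule.operator} applies only to decimal operands`);
  } else if (NON_DECIMAL_ONLY.has(rule.operator)) {
    if (decimal) problems.push(`${rule.operator} applies only to non-decimal operands`);
  } else if (!ANY_OPERAND.has(rule.operator)) {
    problems.push(`unknown operator "${rule.operator}"`);
  }
  const expected = String(rule.expectedValue ?? "");
  if (decimal && (expected.trim() === "" || Number.isNaN(Number(expected)))) {
    problems.push(`expectedValue "${expected}" is not numeric`);
  }
  return problems;
}

// Walks the event along the dotted path; undefined when any segment is absent.
function resolvePath(event, jpath) {
  let node = event;
  for (const key of String(jpath).replace(/^\$\./, "").split(".")) {
    if (node === null || typeof node !== "object" || !Object.prototype.hasOwnProperty.call(node, key)) return undefined;
    node = node[key];
  }
  return node;
}

// Evaluates one triggering rule against one event object.
function evaluateRule(rule, event) {
  if (validateRule(rule).length > 0) return false; // a malformed rule never matches
  const actual = resolvePath(event, rule.propertyJPath);
  if (actual === undefined || actual === null) return false;
  if (DECIMAL_TYPES.has(rule.propertyType)) {
    const a = Number(actual), e = Number(rule.expectedValue);
    if (Number.isNaN(a)) return false;
    switch (rule.operator) {
      case "Equals": return a === e;
      case "NotEquals": return a !== e;
      case "GreaterThan": return a > e;
      case "GreaterThanOrEqualTo": return a >= e;
      case "LesserThan": return a < e;
      default: return a <= e; // LesserThanOrEqualTo
    }
  }
  // String comparison is case-insensitive per the Operator definition;
  // Boolean is compared the same way here (assumption).
  const a = String(actual).toLowerCase(), e = String(rule.expectedValue).toLowerCase();
  switch (rule.operator) {
    case "Equals": return a === e;
    case "NotEquals": return a !== e;
    case "Contains": return a.includes(e);
    case "StartsWith": return a.startsWith(e);
    default: return a.endsWith(e); // EndsWith
  }
}

// All rules in a rule set must hold (AND); one matching rule set is enough (OR).
function sourceMatches(source, eventSource, event) {
  if (source.eventSource !== eventSource) return false;
  const ruleSets = source.ruleSets || [];
  if (ruleSets.length === 0) return true; // assumption: no rule sets, no filtering
  return ruleSets.some((set) => (set.rules || []).every((r) => evaluateRule(r, event)));
}

// True when an enabled automation has at least one source matching the event.
function automationFires(automation, eventSource, event) {
  const props = automation.properties || {};
  if (props.isEnabled !== true) return false;
  return (props.sources || []).some((s) => sourceMatches(s, eventSource, event));
}

// Lists every malformed rule in a request body with its position.
function lintAutomation(automation) {
  return ((automation.properties || {}).sources || []).flatMap((src, i) =>
    (src.ruleSets || []).flatMap((set, j) =>
      (set.rules || []).flatMap((rule, k) =>
        validateRule(rule).map((p) => `sources[${i}].ruleSets[${j}].rules[${k}]: ${p}`))));
}

// Rule from the page's high-severity sample; the event is constructed.
const highSeverity = { properties: { isEnabled: true, sources: [{
  eventSource: "Assessments",
  ruleSets: [{ rules: [{ propertyJPath: "properties.metadata.severity",
    propertyType: "String", expectedValue: "High", operator: "Equals" }] }],
}] } };
const constructedEvent = { properties: { metadata: { severity: "high" } } };
console.log(automationFires(highSeverity, "Assessments", constructedEvent)); // true
```

Running `lintAutomation` on a body before the PUT surfaces rules such as a `GreaterThan` on a `String` property, which in this model can never match and would leave the automation silently inactive.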